There is an email which appears to be from “Citibank”, which requests
customers to update their information on the scammer’s website. The
link on the page is directed to:


Note the top-level domain name is NOT
citibank.com, but http://ssl898.pk, a domain name from Pakistan. We
tried the link only today, and the website has been removed.

Attached is the full email and header. Note the colour scheme which is similar to the usual citibank’s.

——– Header ——-
X-Originating-IP:    []
Return-Path:    [security@citibank.com]
Authentication-Results:    mta328.mail.scd.yahoo.com from=Citibank.com; domainkeys=neutral (no sig)
Received:    from (HELO co.hennepin.mn.us) ( by mta328.mail.scd.yahoo.com with SMTP; Thu, 14 Sep 2006 09:41:08 -0700
Message-ID:    [A4A51844.1952760@vista.com]
Date:    Thu, 14 Sep 2006 19:41:17 +0300
From:    “securityCitibank.com” [security@Citibank.com]  Add to Address BookAdd to Address Book  Add Mobile Alert
Subject:    Additional Security Requirements